Safeheron Says Using MPC Wallets with Starknet Apps Creates Security Flaw

To meet the demands of multi-party asset governance, Safeheron has released the Web3 Suite, a platform that enables users to engage securely with decentralized apps via the Safeheron browser extension. Safeheron’s security team routinely examines dApps that their clients interact with to make sure there are no possible security problems because dApps can take many different shapes and have varying security designs. The Safeheron security staff recently reviewed the security of many dApps and found possible problems with some of the authorization designs in some situations.

MPC Technology is Used to Create Self-Custodial Wallet Solutions

By decentralizing the administration of key pieces, self-custodial wallet systems created with MPC technology often accomplish self-custodianship. As a result, the platform is unable to independently keep hold of a user’s resources without the user’s consent. These platforms frequently employ t/n protocols, like GG20, GG18, MPC-CMP, and others, making the signature accessible to the t parties engaged in the signing protocol.

The issue is that if a user had utilized dYdX or other comparable decentralized applications with an MPC-based self-custodial wallet system, the platform would also know the stark key signature and API key signature as a participant in maintaining key shards. As a result, the MPC wallet system would be able to manage the user’s dYdX assets without asking for permission.

As a result, the relationship involving MPC accounts and dYdX or other dApps that employ signature-derived keys negates the concept of self-custody for MPC account systems, allowing them to manage users’ assets in these kinds of dApps without obtaining user consent or following MPC calculations. Consumers could be able to go around pre-established transaction regulations, and former workers might still be able to use the dApp.

Several wallet browser extensions provide user interfaces that replace the MetaMask browser or use WalletConnect to connect to decentralized applications. The recovery of assets via Ethereum Key Authentication is achievable, but the procedure is challenging and probably out of the reach of the typical user.

Safeheron Commits to Provide Open-Source MPC-ECDSA Protocol Support for the STARK Curve

To further help customers protect their assets, Safeheron intends to completely open assistance for the MPC-ECDSA mechanism on the STARK curve and extend their service offerings including native compatibility for StarkEx and StarkNet. The security of user payments is of the utmost importance in the quickly developing Web3 environment.